common file unless the user is a legitimate one authenticated by the server, by letting the client side inherit the authentication for access requests to the common file managed by the server, even in an off-line state.
SOLUTION: When the requested common file is transferred to a client in response to an access request from the client to the server for the common file, the common file is enciphered (202) and transferred together with account information managed on the server. When access to the common file is to be permitted on the client, authentication processing (32) consisting of at least a user name and a password is executed, and the enciphered common file is decoded only when the user is authenticated as a legitimate one (207), making access possible. On completion of access, the decoded common file is enciphered and preserved in the local storage medium of the client, and the authentication processing is also executed when access to the preserved common file is requested.
* NOTICES *

JPO and INPIT are not responsible for any
damages caused by the use of this translation.

1. This document has been translated by computer. So the translation may not reflect the original precisely.
2. **** shows the word which can not be translated.
3. In the drawings, any words are not translated.



CLAIMS 



[Claim(s)] 

[Claim 1] A file access authentication method in a file-sharing server-client network system, characterized in that: in response to an access request from a client to a server for a shared file, when the requested shared file is transmitted to the client, the shared file is enciphered and transmitted with account information managed on the server attached; when access to the shared file is to be permitted on the client, authentication processing consisting of at least a user name and a password is carried out, and the enciphered shared file is decoded and made accessible only when the user is authenticated as a legitimate user; and the decoded shared file is enciphered at the time of access termination and saved in the local storage of the client, authentication processing being carried out also at the time of an access request to the saved shared file.




DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to a file access authentication method in a file-sharing server-client network system, and in particular to a file access authentication method that allows only a user authenticated on the server to access a shared file even in the mode of use called mobile computing, in which a shared file managed by the server is copied to memory in a client and carried and used off-line.
[0002] 

[Description of the Prior Art] Conventionally, in a file-sharing server-client network system premised on a LAN or the like, when a client requests access to a shared file managed by the server, the access request is authenticated by having the authentication function of the server judge whether access is permitted, based on the account information the client uses when carrying out the necessary procedure, such as logging in, to the server.
[0003] 

[Problem(s) to be Solved by the Invention] However, the conventional authentication method described above presumes that the client is logged in when it accesses a shared file on the server. Consequently, once a client has been authenticated by the server and has copied a shared file from the server to storage on the client, authentication by the server is no longer required when the client goes off-line and accesses the copied shared file. For this reason, there is the problem that the shared file, once copied to storage on the client, can be accessed by any user whatsoever.

[0004] This invention was made to solve the above problem. Its purpose is to provide a file access authentication method in which authentication of access requests to a shared file managed by the server is inherited by the client side even in an off-line state, so that access to the shared file is controlled entirely by the server, access to the shared file is impossible for anyone who is not a legitimate user authenticated by the server, and unauthorized use of highly confidential data and the like can be avoided.
[0005] 

[Means for Solving the Problem] To attain the above purpose, the file access authentication method of this invention is characterized in that: in response to an access request from a client to a server for a shared file, when the requested shared file is transmitted to the client, the shared file is enciphered and transmitted with account information managed on the server attached; when access to the shared file is to be permitted on the client, authentication processing consisting of at least a user name and a password is carried out, and the enciphered shared file is decoded and made accessible only when the user is authenticated as a legitimate user; and the decoded shared file is enciphered at the time of access termination and saved in the local storage of the client, authentication processing being carried out also at the time of an access request to the saved shared file.
[0006]

[Embodiment of the Invention] An embodiment of this invention is described in detail below with reference to the drawings.

[0007] Drawing 1 is a block diagram showing an embodiment of the principal part of a file-sharing client/server architecture premised on a LAN.

[0008] In Drawing 1, 1 is a network, for example a LAN, connecting a server machine 2 and a client machine 3. 2 is the server machine that manages shared files and 3 is a client machine; the server machine 2 and the client machine 3 form a file-sharing system through the network 1.

[0009] 21 is the authentication function on the server machine 2. 22 is the encryption function, which enciphers the requested shared file when a client machine 3 requests access to a shared file managed by the server machine 2. 23 is the authentication addition function, which, when there is an access request to a shared file, receives from the authentication function 21 of the server machine 2 the accounts that have access permission for the file and attaches them to the requested file in the form of an account and access permission list. The authentication function 21, the encryption function 22, and the authentication addition function 23 are realized by an authentication processing program, an encryption program, and an authentication attachment processing program, respectively.

[0010] 24 is a data file (shared file) managed by the server machine 2 and shared by two or more client machines 3.

[0011] On the client side, 31 is local memory managed by the client machine 3; a file received from the server machine 2 is first stored in this local memory 31.

[0012] 32 is the authentication analysis function, which checks access permission when the application program 35 of the client machine 3 accesses a file received from the server machine 2 and stored in memory 31. When the application program 35 attempts to access (read or write) the received file in memory 31, the authentication analysis function 32 requires the user of the application program 35 to input account information and a password. The authentication analysis function 32 then compares the input account information with the account information and access privilege list attached to the received file in memory 31, and verifies whether that account has access permission for the received file. Only when it has the access privilege does the function, in cooperation with the decryption function 33, permit the user of the application program 35 to access the data.

[0013] 33 is the decryption function, which is called from the authentication analysis function 32 and, for a received file in memory 31 to which the authentication analysis function has permitted access, removes (decodes) the encryption applied to the file by the encryption function 22 of the server machine 2.

[0014] 34 is the I/O capture function, which captures accesses from the application program 35 to the received file and determines whether authentication and access to the enciphered received file are permitted. 36 is the encryption function, which enciphers again and stores the decoded received file held in memory 31 when access from the application program 35 ends.

[0015] The authentication analysis function 32, the decryption function 33, the I/O capture function 34, and the encryption function 36 are realized by an authentication analysis processing program, a decryption processing program, an I/O capture program, and an encryption processing program, respectively.

[0016] Drawing 2 is a sequence diagram of reading of the data file 24 by the application program 35 on the client machine side.

[0017] A data read instruction (file access request) issued by the application program 35 is first examined by the I/O capture function 34, which checks whether it is an access to the data file 24 of the server machine 2 (step 201). Only when it is confirmed to be an access to the data file 24 is it transmitted to the server machine 2 through the network 1.

[0018] The server machine 2, for its part, retrieves the file requested by the client machine 3 from the data file 24, enciphers it with the encryption function 22 (step 202), then attaches account information to the enciphered file with the authentication addition function 23 (step 203), and transmits it to the client machine 3 via the network 1.

[0019] The client machine 3 first stores the received file in memory 31. Once the file is stored in memory 31, the authentication analysis function 32 of the client machine 3 requires the user who issued the file access request from the application program 35 to input account information (step 204). When the user inputs account information (step 205), it is compared with the authentication information attached to the received file to determine whether the received file in memory 31 can be accessed with the account information the user input (step 206). If access is allowed, the enciphered received file is decoded by the decryption function 33 (step 207) and passed to the application program 35 through the I/O capture function 34.

[0020] When the user ends access from the application program 35 to the decoded file, the encryption function 36 enciphers the data of the decoded file again, in the same way as the encryption processing of the server machine 2, and stores it in memory 31.

[0021] In short, file data decoded in memory, such as the memory 31 of the client machine 3 or card memory, is enciphered again before it is stored, so that it can be accessed only after passing the same authentication processing again.

[0022] Drawing 3 shows the sequence for mobile computing, in which a copy of a file received from the server machine 2 is held in a data file 37 provided in the client machine 3 and work is done on it off-line. The file copied to the data file (client store) 37 of the client machine 3 is a file that was enciphered, with authentication information attached, on the server machine 2.

[0023] When a user accesses this data file 37 from the client machine 3, authentication processing is likewise carried out by the same sequence as in Drawing 2, and the encryption is removed only when account information and a password that permit access are entered.

[0024] Therefore, even in an off-line state, access is permitted through the same authentication processing as in an on-line state. As a result, even if the copied file is saved in the client machine 3, it cannot be accessed by anyone other than a legitimate user recognized by the server machine 2, and leakage of highly confidential data to anyone other than legitimate users can be prevented.
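
The package, offline authentication, decode and re-encipher sequence of steps 202 to 207, as an added Python example that is not part of the patent. The patent does not say how the decryption key relates to the password; this example assumes the file key is wrapped per account under a PBKDF2 key derived from that account's password, so the offline check is enforced by the key derivation rather than by a comparison alone. The SHAKE-256 XOR keystream stands in for a real cipher such as AES-GCM, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Assumed design (not in the patent): per-account key wrap; names are hypothetical.
def _kek(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher: XOR with a SHAKE-256 keystream. Use AES-GCM in practice.
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def _seal(file_key: bytes, plaintext: bytes) -> dict:
    nonce = secrets.token_bytes(16)  # fresh nonce on every save
    body = _stream(file_key, nonce, plaintext)
    return {"nonce": nonce, "body": body, "tag": _mac(file_key, nonce + body)}

def server_package(plaintext: bytes, accounts: dict) -> dict:
    """Steps 202-203: encipher the file, attach one entry per permitted account."""
    file_key = secrets.token_bytes(32)
    acl = {}
    for user, password in accounts.items():
        salt = secrets.token_bytes(16)
        kek = _kek(password, salt)
        wrapped = _stream(kek, salt, file_key)
        acl[user] = (salt, wrapped, _mac(kek, wrapped + user.encode()))
    return {**_seal(file_key, plaintext), "acl": acl}

def _unwrap(pkg: dict, user: str, password: str):
    """Steps 204-206: check user name and password against the attached list."""
    salt, wrapped, tag = pkg["acl"].get(user, (bytes(16), b"", b""))
    kek = _kek(password, salt)
    if not hmac.compare_digest(tag, _mac(kek, wrapped + user.encode())):
        return None  # unknown account or wrong password: no file key
    return _stream(kek, salt, wrapped)

def client_open(pkg: dict, user: str, password: str):
    """Step 207: decode only for an authenticated user; reject tampered files."""
    key = _unwrap(pkg, user, password)
    sealed = pkg["nonce"] + pkg["body"]
    if key is None or not hmac.compare_digest(pkg["tag"], _mac(key, sealed)):
        return None
    return _stream(key, pkg["nonce"], pkg["body"])

def client_save(pkg: dict, user: str, password: str, plaintext: bytes):
    """Access termination: re-encipher before writing to local storage."""
    key = _unwrap(pkg, user, password)
    return None if key is None else {**pkg, **_seal(key, plaintext)}
```

Because the access list travels with the file, every permitted account can still open a copy that another permitted user edited and saved off-line.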
[0025] 

[Effect of the Invention] As explained above, in this invention, in response to an access request from a client to a server for a shared file, when the requested shared file is transmitted to the client, the shared file is enciphered and transmitted with account information managed on the server attached; when access to the shared file is to be permitted on the client, authentication processing consisting of at least a user name and a password is carried out, and the enciphered shared file is decoded and made accessible only when the user is authenticated as a legitimate user; and the decoded shared file is enciphered at the time of access termination and saved in the local storage of the client, with authentication processing carried out also at the time of an access request to the saved shared file. Consequently, authentication of access requests to a shared file managed by the server is inherited by the client side even in an off-line state, and access to the shared file is impossible for anyone who is not a legitimate user authenticated by the server.

[0026] As a result, even when the client and the server are off-line from each other, data copied to the client cannot be accessed by anyone other than such a user, and unauthorized use of highly confidential data and the like can be prevented.
[Drawing 2]
[Drawing 3]